1. Field Of The Invention
The present invention relates to the field of computer networks. More particularly, the present invention relates to a method and an apparatus for resolving a Domain Name Service request in a system where it is possible for the user to connect to more than one network at a time.
2. The Background
The Transmission Control Protocol/Internet Protocol (TCP/IP) is a common networking protocol which has become even more popular during the rise of the Internet. Sending or receiving information using the TCP/IP protocol requires encapsulating information into packets. Each packet includes a header and a payload. The header contains information related to the handling of the payload by a receiving host or routing device, while the payload contains part or all of the user information. The information in the header includes the sender""s and the recipient""s addresses and is used to route the packet through the Internet until the packet is received by a host having an IP address that matches the packet""s destination address (when referring to the source address and destination address of a packet, the source address and destination address are commonly referred to as xe2x80x9cSAxe2x80x9d and xe2x80x9cDAxe2x80x9d, respectively). This enables users to accurately send and receive information with each other through their respective host computers.
By implementing a protocol common to all devices using the Internet, users may send and receive information with other users on the Internet in a seamless manner regardless of geographic location or the type of host and/or interconnected network used. While IP addresses themselves are in numerical form, in order to make navigating the sea of addresses simpler, the Domain Name Service (DNS) was formed. DNS enables the central managing of host names to IP addresses. It is actually a distributed database which allows for the dissemination of new host information as needed. There are a great many DNS servers distributed throughout the Internet, and most large Internet Service Providers (ISPs) maintain their own DNS servers.
FIG. 1 is a diagram illustrating the DNS hierarchy, which is similar to that of a computer file system. At the top of the hierarchy is the root domain 50, which includes a group of root servers to service the top-level domains. The top level domains are separated into organizational and geographical domains. Many countries have their own top-level domains, such as .uk for the United Kingdom, .de for Germany, and .jp for Japan (not shown). The United States has no country-specific top-level domain, but is the main user of the six organizational top-level domains, which are net for network support organizations 52, .gov for government agencies 54, .mil for military users 56, .org for not for profit organizations 58, .com for commercial enterprises 60, and .edu for educational facilities 62. There are also a near infinite number of lower level domains. Each level of domain names may have another level of domain names below it. For example, a lower level domain work 64 may be located under the .com domain 60, and the lower level domain .univ 66 may be located under the .edu domain 62. At the lowest level are the hosts. For example, the host labeled overtime 68 may be located under the .work sub-domain under the .com domain while the host labeled vax 70 may be located under the .univ sub-domain under the .edu domain. The proper way to read these two DNS host names would then be overtime.work.com and vax.univ.edu.
The steps of locating an IP address from a host, sub-domain, and domain name proceeds as in the following example. If a user in the vax.univ.edu domain wishes to contact a user with the user name sun in the work.com domain, the first step is to contact its own DNS server. Therefore, if the vax.univ.edu host is configured with a DNS server at the IP address 133.3.1.3, the user sends a DNS request to that IP address. The DNS server then searches for the entry in its database. Generally, a DNS server maintains only a database of host addresses (or sub-domain names) within its own subnet. Therefore, the DNS server would look for an IP address corresponding to the domain/sub-domain combination .univ.edu. It may or may not have information that precise. It may only have information regarding the IP address of the .com domain and not the .work.com domain. If it has information about the IP address of the DNS server of the .workcom domain, it then contacts the .work.com DNS server and requests the IP address of the precise user it wishes to contact in the .work.com domain. If however, the DNS server associated with the vax. univ. edu host only has information about the address of the DNS server of the .com domain, it returns only that address, and then recursively navigates down the branches of DNS servers in the .com domain until it locates the address it needs (in the present example, it only searches down one level, but in more complicated hierarchies it may need to search through many levels of DNS servers).
This system has worked well in the past. However, recently it has become possible for a user to connect to two or more networks simultaneously through a single connection, such as a Point-to-Point Protocol (PPP) connection. FIG. 2 is a diagram illustrating a system in which a user connects to a multiple networks using a single connection. User 80 maintains a PPP connection 82 to a gateway 84 (most likely maintained by an ISP). Gateway 84 maintains a first connection (either a primary PPP connection or a secondary connection) to a first network 86. Gateway 84 also maintains a second connection (a secondary connection) to a second network 88. Other network connections may be established as additional secondary connections. In these types of systems, a dilemma occurs in determining how the DNS request is to be sent. The user machine may not know through which network to send the DNS request. Recursive searching through DNS servers can be very time consuming and traffic intensive, and therefore an incorrect choice may result in the slower and less efficient processing of the request. Additionally, some of the connected networks may not be able to pass the DNS request to a correct address. This can occur if the network connection is an intranet, or other local network, which does not have a connection to the Internet. Passing a DNS request to such an intranet may result in the DNS request never arriving at its destination, if the DNS request cannot be answered by the intranet. Additionally, passing a private DNS request to a hostile network may allow the hostile network to impersonate the network domain, creating a security risk.
What is needed is a solution which allows a DNS request to be directed to the network that will minimize the time and traffic required to conduct the DNS search as well as increase the chances that the DNS request will be answered in a system in which the user is connected to more than one network simultaneously.
What is further needed is a solution that provides a deterministic way to resolve a DNS request which minimizes security risks.
A gateway is provided which resolves a DNS request in a manner that minimizes the time and bandwidth required to conduct a DNS search as well as increases the chances that a DNS request will be answered for systems in which the gateway is connected to more than one network simultaneously. The gateway performs this by: comparing the domain name query of the DNS request to the domain name of each accessible network; altering the DNS request so that the destination address of the DNS request corresponds to a DNS server within the first matching accessible network, if an accessible network is found whose domain name matches the domain name query; forwarding the DNS request to the first matching accessible network if an accessible network is found whose domain name matches the domain name query; and either forwarding the unaltered DNS request to a network specified by a user if none of the domain names of the accessible networks match the domain name query of the DNS request or forwarding the unaltered DNS request to the largest accessible network unaltered if none of the domain names of the accessible networks match the domain name query of the DNS request.